Magento 2.3.7 enhances performance, security fixes a lot of bugs.
The fixed vulnerabilities have not been exploited yet, but your site should be updated as soon as possible.
The security update is also available as patch without all the other updates. Magento 2.3.7 contains minor backward-incompatible changes but is overall backward-compatible.
Highlights
- Magento 2.3.7 contains 10 fixes and 40 security enhancments that help to close remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities.
- The copy-to-clipboard feature has also been disabled for all storefront credit card fields.
- Platform upgrades:
- PHP 7.4 support.
- PHP 7.3 is now deprecated
- Removal of PHP 7.1 and 7.2 compatibility.
- Support for PHPUnit 9.x and deprecation of PHPUnit 6.5.
- Elasticsearch 7.9.x is now supported.
- Varnish 6.5.1 is now supported on 2.3.x.
- Magento 2.3.7 is now compatible with Composer 2.x.
- Redis 6.x is now supported.
- Interactive In-Product Guidance update.
- The Vimeo Simple API has been replaced with Vimeo oEmbed API.
- Some functional fixes.
- The Web Set Up Wizard has been deprecated and removed.
- All Vendor-Developed Extensions (VDEs) include bug fixes, security updates, and PHP 7.4 support.
- Amazon Pay has been deprecated.
- New Vertex features and enhancements.
All new features and fixes can be found on devdocs.magento.com.
Remember to create a backup before installing updates.
